AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims 
in the application: 



Listing of Claims: 



1. (Currently amended) A method for facilitating a key exchange that
operates with a pre-shared secret key and that hides identities of parties involved
in the key exchange, comprising:

initially establishing a negotiated secret key between a first party and a
second party by performing communications between the first party and the
second party across a network;

wherein the communications between the first party and the second party
do not allow an eavesdropper to determine the negotiated secret key;

encrypting an identifier for the first party using a first key that is a function
of a group secret key and the negotiated secret key to form an encrypted identifier;

wherein the group secret key is known to members of a group, including
the first party and the second party, but is kept secret from parties outside of the
group;

sending the encrypted identifier from the first party across the network to
the second party;

allowing the second party to decrypt the encrypted identifier by using the
group secret key and the negotiated secret key;

allowing the second party to use the identifier to lookup look up the
pre-shared secret key that was previously established between the first party and the
second party; and

using the pre-shared secret key in forming at least one subsequent
communication between the first party and the second party.

2. (Cancelled).

3. (Currently amended) The method of claim 2 claim 1, wherein
establishing the negotiated secret key involves using the Diffie-Hellman method 
to establish the negotiated secret key. 



4. (Original) The method of claim 1, wherein the second party is a
firewall through which the first party seeks to communicate.

5. (Original) The method of claim 4, wherein the first party is a
person seeking to communicate through the firewall from one of a number of
possible Internet Protocol (IP) addresses.

6. (Original) The method of claim 1, wherein the group secret key is
one of a plurality of group secret keys maintained by the group.

7. (Currently amended) A method for facilitating a key exchange that
operates with a pre-shared secret key and that hides identities of parties involved
in the key exchange, comprising:

initially establishing a negotiated secret key between a first party and a
second party by performing communications between the first party and the
second party across a network;

wherein the communications between the first party and the second party
do not allow an eavesdropper to determine the negotiated secret key;

XXX Z:\Sun Microsystems\SUN-P501 2-RSH\Amendment A.doc 



allowing the first party to encrypt an identifier for the first using a first key
that is a function of a group secret key and the negotiated secret key to form an
encrypted identifier;

wherein the group secret key is known to members of a group, including
the first party and the second party, but is kept secret from parties outside of the
group;

receiving the encrypted identifier at the second party from the first party
across the network;

decrypting the encrypted identifier by using the group secret key and the
negotiated secret key;

using the identifier to lookup the pre-shared secret key that was previously 
established between the first party and the second party; and 

using the pre-shared secret key in forming at least one subsequent 
communication between the first party and the second party. 



8. (Cancelled) 
9. (Currently amended) The method of claim 8 claim 7, wherein
establishing the negotiated secret key involves using the Diffie-Hellman method
to establish the negotiated secret key.

10. (Original) The method of claim 7, wherein the second party is a
firewall through which the first party seeks to communicate.

11. (Original) The method of claim 10, wherein the first party is a
person seeking to communicate through the firewall from one of a number of
possible Internet Protocol (IP) addresses.

12. (Original) The method of claim 7, wherein the group secret key is
one of a plurality of group secret keys maintained by the group.

13. (Currently amended) A computer-readable storage medium storing
instructions that when executed by a computer cause the computer to perform a
method for facilitating a key exchange that operates with a pre-shared secret key
and that hides identities of parties involved in the key exchange, the method
comprising:

initially establishing a negotiated secret key between a first party and a
second party by performing communications between the first party and the
second party across a network;

wherein the communications between the first party and the second party
do not allow an eavesdropper to determine the negotiated secret key;

encrypting an identifier for the first party using a first key that is a function
of a group secret key and the negotiated secret key to form an encrypted identifier;

wherein the group secret key is known to members of a group, including
the first party and the second party, but is kept secret from parties outside of the
group;

sending the encrypted identifier from the first party across the network to
the second party;

allowing the second party to decrypt the encrypted identifier by using the
group secret key and the negotiated secret key;

allowing the second party to use the identifier to lookup look up the
pre-shared secret key that was previously established between the first party and the
second party; and

using the pre-shared secret key in forming at least one subsequent
communication between the first party and the second party.

14. (Cancelled).

15. (Currently amended) The computer-readable storage medium of
claim 14 claim 13, wherein establishing the negotiated secret key involves using
the Diffie-Hellman method to establish the negotiated secret key.

16. (Original) The computer-readable storage medium of claim 13,
wherein the second party is a firewall through which the first party seeks to
communicate.

17. (Original) The computer-readable storage medium of claim 16,
wherein the first party is a person seeking to communicate through the firewall
from one of a number of possible Internet Protocol (IP) addresses.

18. (Original) The computer-readable storage medium of claim 13,
wherein the group secret key is one of a plurality of group secret keys maintained
by the group.

19. (Currently amended) A computer-readable storage medium storing
instructions that when executed by a computer cause the computer to perform a
method for facilitating a key exchange that operates with a pre-shared secret key
and that hides identities of parties involved in the key exchange, the method
comprising:

establishing a negotiated secret key between a first party and a second
party by performing communications between the first party and the second party
across a network;

wherein the communications between the first party and the second party
do not allow an eavesdropper to determine the negotiated secret key;

allowing the first party to encrypt an identifier for the first party using a
first key that is a function of a group secret key and the negotiated secret key to
form an encrypted identifier;

wherein the group secret key is known to members of a group, including
the first party and the second party, but is kept secret from parties outside of the
group;

receiving the encrypted identifier at the second party from the first party
across the network;

decrypting the encrypted identifier by using the group secret key and the
negotiated secret key;

using the identifier to lookup the pre-shared secret key that was previously
established between the first party and the second party; and

using the pre-shared secret key in forming at least one subsequent
communication between the first party and the second party.



20. (Currently amended) An apparatus that facilitates a key exchange
that operates with a pre-shared secret key and that hides identities of parties
involved in the key exchange, the apparatus comprising:

establishing a negotiated secret key between a first party and a second
party by performing communications between the first party and the second party
across a network;

wherein the communications between the first party and the second party
do not allow an eavesdropper to determine the negotiated secret key;

an encryption mechanism that is configured to encrypt an identifier for the
first party using a first key that is a function of a group secret key and the
negotiated secret key to form an encrypted identifier;

wherein the group secret key is known to members of a group, including
the first party and the second party, but is kept secret from parties outside of the 
group; 

a communication mechanism that is configured to send the encrypted 
identifier from the first party across the network to the second party, so that the 
second party can decrypt the encrypted identifier by using the group secret key and 
the negotiated secret key in order to use the identifier to lookup the pre-shared 
secret key that was previously established between the first party and the second 
party; and 

wherein the communication mechanism is additionally configured to use 
the pre-shared secret key to encrypt at least one subsequent communication 
between the first party and the second party. 

21. (Cancelled) 



22. (Currently amended) The apparatus of claim 21 claim 20, wherein
establishing the negotiated secret key involves using the Diffie-Hellman method
to establish the negotiated secret key.

23. (Original) The apparatus of claim 20, wherein the second party is a
firewall through which the first party seeks to communicate.

24. (Original) The apparatus of claim 23, wherein the first party is a
person seeking to communicate through the firewall from one of a number of
possible Internet Protocol (IP) addresses.

25. (Original) The apparatus of claim 20, wherein the group secret key
is one of a plurality of group secret keys maintained by the group.

26. (Currently amended) An apparatus that facilitates a key exchange
that operates with a pre-shared secret key and that hides identities of parties
involved in the key exchange, the apparatus comprising:

establishing a negotiated secret key between a first party and a second
party by performing communications between the first party and the second party
across a network;

wherein the communications between the first party and the second party
do not allow an eavesdropper to determine the negotiated secret key;

a communication mechanism that is configured to receive an encrypted
identifier at the second party from the first party across the network;

wherein the encrypted identifier was produced by encrypting an identifier
for the first party using a first key that is a function of a group secret key and the
negotiated secret key;

wherein the group secret key is known to members of a group, including
the first party and the second party, but is kept secret from parties outside of the
group;

a decryption mechanism that is configured to decrypt the encrypted
identifier by using the group secret key and the negotiated secret key;

a lookup mechanism that is configured to use the identifier to lookup look
up the pre-shared secret key that was previously established between the first party
and the second party; and

wherein the communication mechanism is additionally configured to use
the pre-shared secret key in forming at least one subsequent communication
between the first party and the second party.
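
An added example, not part of the filed claims: a Python sketch of the exchange recited in claims 1, 3 and 26, covering the Diffie-Hellman negotiated key, the first key derived from the group secret and the negotiated key, and the responder's decrypt-then-look-up step. The use of HMAC-SHA256 as the key-derivation function, the HMAC-based keystream and tag standing in for an authenticated cipher, the demonstration-sized modulus, and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Demonstration-sized Diffie-Hellman parameters (assumption of this example);
# a deployment would use a standardized group of adequate size.
P = 2**255 - 19
G = 2

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    # The "negotiated secret key": both sides compute g^(ab) mod p.
    return pow(peer_pub, priv, P).to_bytes(32, "big")

def first_key(group_secret, negotiated):
    # "First key" as a function of both secrets; HMAC-SHA256 is an assumption.
    return hmac.new(group_secret, b"id-key" + negotiated, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC in counter mode as a keystream (stand-in for a real AEAD cipher).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"),
                       hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, pad):
    return bytes(a ^ b for a, b in zip(data, pad))

def encrypt_identifier(key, identifier):
    nonce = secrets.token_bytes(16)
    ct = _xor(identifier, _stream(key, nonce, len(identifier)))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt_identifier(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None  # wrong group secret, wrong negotiated key, or tampering
    return _xor(ct, _stream(key, nonce, len(ct)))

def responder_lookup(group_secret, negotiated, blob, psk_table):
    # Second party: decrypt the identifier, then look up the pre-shared key.
    ident = decrypt_identifier(first_key(group_secret, negotiated), blob)
    return None if ident is None else psk_table.get(ident)
```

Because the first key depends on both secrets, a peer that completes the Diffie-Hellman step but does not hold the group secret gets `None` from `decrypt_identifier`, and so does a group member who only observed the exchange.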


